Facebook notified affected Instagram users that when they utilized the feature, it sent their password in plaintext in the URL. For some reason, these passwords were also stored on Facebook's servers, however the notification said that data has been deleted and the tool was updated so it won't happen now.

In a statement to The Information, a spokesperson said the issue only impacted a "small number of people" although if those people were using a shared computer, or on a compromised network then it could've left their account info wide open. If you haven't been notified then your account apparently was unaffected, but it's still a troubling gap left in the hole of security, especially on something as important as passwords. While everyone should be using unique password managers for every site and service (if you need a password manager to keep up with them, then that's the way to go, meanwhile you cna enable two-factor authentication on Instagram as described here), not everyone does and an exposure of this kind is just another troubling episode to hit Facebook.